It’s not possible via the API to deactivate an account. If a hacker were to obtain your consumer key, consumer secret, access token, and access token secret they would likely be able to tweet on your behalf, follow or unfollow users, and other such actions but they would be unable to deactivate your account, change your screen name or email address and so on.